An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Advisories
Source ID Title
EUVD EUVD EUVD-2021-1499 An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Github GHSA Github GHSA GHSA-x2j7-6hxm-87p3 Craft CMS Remote Code Injection
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-03T21:33:16.393Z

Reserved: 2021-03-02T00:00:00

Link: CVE-2021-27903

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-30T12:15:07.643

Modified: 2024-11-21T05:58:44.507

Link: CVE-2021-27903

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.